The technology blog of Neil Thompson

I am occasionally asked by family and friends to give advice on whether an email is genuine.

These are not emails from Nigerian kings looking to transfer money out via your bank account, but emails that appear to be from companies and government departments that you would recognise and may have accounts and dealings with.

Of course, this recognition is exactly what phishers are aiming at. You are thrown by the idea that your bank has sent you an email requesting that you log in and view an important message from them.

There is actually a pretty easy way to tell if the email is genuine or not, and that is just to hover your mouse over any link in the email and take a look at where it is sending you. Just DON’T CLICK THE LINK!

So, for example, the following purports to be from Her Majesty’s Revenue & Customs (the people who collect taxes in the UK, better known as HMRC). Here I have highlighted the link that we are being sent to. The question to ask is: does this seem like the name that a government agency would use as its website address? Wouldn’t they choose something memorable and meaningful? Something like www.hmrc.gov.uk, to be exact. So we can be pretty sure that this is a scam.

Sometimes, though, it is even easier than that. The image at the top of the page is an email I received this morning suggesting that I had a new comment on the website. There are several things wrong with this, but the most glaringly obvious one is that the text on the button says “Sing in”. In my experience, the spelling of corporates such as banks and government agencies, and of large providers such as WordPress (where the above purports to come from), is pretty good. This is too simple to have slipped through the net. It also fails the link hover test described above.

However, what I like most about this example is the irony in suggesting that the comment is telling me to “Check your spelling”. I am not sure if this is deliberate or accidental but it was brilliant!